cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Assign Microsoft Defender for Endpoint baseline to users or devices?

PerKarlLind
Copper Contributor

‎Apr 12 2023 12:05 AM

‎Apr 12 2023 12:05 AM

Assign Microsoft Defender for Endpoint baseline to users or devices?

I am currently working on Optimizing our Intune configuration for better efficiency and have encountered challenges related to conflicts between Microsoft Defender for Endpoint baselines and device configuration profiles. One such issue I've noticed involves Bitlocker, which appears to have a conflict affecting over 1,000 devices.

 

Our "legacy" configuration profile is assigned to these devices, while our "updated" baseline is assigned to users. I have conducted tests on several devices belonging to my team and excluded them from the "legacy" configuration profile. The transition appears to be seamless, without any negative impact on the end user experience or stored bitlocker recovery key.

 

I am seeking guidance on the following questions:

  1. When it comes to Microsoft Defender for Endpoint baselines, is it more advisable to assign them to devices or users?

  2. Would it be safe and efficient to transition all of our devices to exclusively use the Microsoft Defender for Endpoint baseline, rather than maintaining separate configuration profiles? The settings in both configurations are closely aligned.

 

Thank you in advance!

1,521 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by PerKarlLind (Copper Contributor)
rahuljindal-MVP

‎Apr 12 2023 02:01 AM

‎Apr 12 2023 02:01 AM

Solution

Re: Assign Microsoft Defender for Endpoint baseline to users or devices?

MDE baseline contains a subset of settings that should be configured at a minimum according to Microsoft. It is ideal if you are only looking for a baseline and don't want to admin over head of maintaining these settings outside the baseline. However, most organizations go for complete feature set (if they are licensed) and therefore I normally recommend to deploy the MDE settings using Endpoint security profiles instead. They are specifically tailored for endpoints keeping security in mind. I normally exclude the BitLocker and Defender settings from MDM baseline and don't even consider using MDE security baseline. Not to mention that these baselines have not been updated for a long time, however, that is expected to change in the coming months. As for the assignments, it will depend on the use of the assignments. For example, if it is existing devices, then you can assign to either devices or users. Won't really matter. However, if it is for Autopilot, then you may want to assign profiles like Exploit guard, Application control to users as they can trigger a reboot during AP provisioning sometimes.
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by PerKarlLind (Copper Contributor)
rahuljindal-MVP

‎Apr 12 2023 02:01 AM

‎Apr 12 2023 02:01 AM

Solution

Re: Assign Microsoft Defender for Endpoint baseline to users or devices?

MDE baseline contains a subset of settings that should be configured at a minimum according to Microsoft. It is ideal if you are only looking for a baseline and don't want to admin over head of maintaining these settings outside the baseline. However, most organizations go for complete feature set (if they are licensed) and therefore I normally recommend to deploy the MDE settings using Endpoint security profiles instead. They are specifically tailored for endpoints keeping security in mind. I normally exclude the BitLocker and Defender settings from MDM baseline and don't even consider using MDE security baseline. Not to mention that these baselines have not been updated for a long time, however, that is expected to change in the coming months. As for the assignments, it will depend on the use of the assignments. For example, if it is existing devices, then you can assign to either devices or users. Won't really matter. However, if it is for Autopilot, then you may want to assign profiles like Exploit guard, Application control to users as they can trigger a reboot during AP provisioning sometimes.

View solution in original post

1 Like
Reply